DNS Records Explained — A Complete Guide for Webmasters
What DNS Does and Why It Matters
The Domain Name System is essentially the phone book of the internet. When you type a website address into your browser, DNS translates that human-readable domain name into the IP address where the website actually lives. Without DNS, you would need to memorize numerical addresses like 104.26.10.78 to visit every website. Every single page load, API call, and email delivery depends on DNS working correctly.
DNS resolution happens before anything else. Before your browser can download a single byte of a webpage, it must first resolve the domain name to an IP address. This typically takes 20 to 120 milliseconds, depending on whether the result is cached locally, at your ISP, or needs to be fetched from the authoritative nameservers. Understanding DNS is fundamental to managing any website, email system, or online service.
A Records and AAAA Records
The A record is the most basic DNS record type. It maps a domain name to an IPv4 address — the four-number format like 192.168.1.1. When someone visits your website, the browser looks up the A record for your domain to find the server IP address. Most websites have at least one A record pointing their domain to their hosting server.
AAAA records serve the same purpose but for IPv6 addresses — the newer, longer format like 2606:4700:3030::6815:2a4e. As IPv4 addresses become scarce, IPv6 adoption is growing. Adding AAAA records alongside A records ensures your site is accessible over both protocols. Cloudflare and most modern hosting providers automatically create both record types.
CNAME Records
A CNAME (Canonical Name) record creates an alias from one domain name to another. Instead of pointing directly to an IP address, it points to another domain name which then resolves to an IP. For example, you might create a CNAME record for www.example.com pointing to example.com, or blog.example.com pointing to your hosting provider domain.
The key limitation of CNAME records: they cannot coexist with other record types at the same name. You cannot have a CNAME record and an MX record for the same subdomain. This is why you cannot use a CNAME for your root domain — root domains need SOA and NS records which would conflict. Some DNS providers offer CNAME flattening or ALIAS records to work around this limitation.
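The coexistence rule and the alias-following behaviour described above can be checked mechanically before a zone is published. The following is an added example, not code from the original page; the zone contents, the hostnames and the function names are all constructed for illustration.

```python
# Constructed sample zone for illustration: (owner name, type, value).
ZONE = [
    ("example.com.", "SOA", "ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 3600"),
    ("example.com.", "NS", "ns1.example.net."),
    ("example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "CNAME", "example.com."),
    ("blog.example.com.", "CNAME", "sites.hosting.example."),
    ("blog.example.com.", "MX", "10 mail.example.com."),  # conflicts with the CNAME
    ("loop-a.example.com.", "CNAME", "loop-b.example.com."),
    ("loop-b.example.com.", "CNAME", "loop-a.example.com."),
]


def index(zone):
    """Group records by lower-cased owner name (DNS names are case-insensitive)."""
    by_name = {}
    for name, rtype, value in zone:
        by_name.setdefault(name.lower(), []).append((rtype, value))
    return by_name


def cname_conflicts(zone):
    """Names where a CNAME shares its owner name with any other record type."""
    conflicts = {}
    for name, records in index(zone).items():
        types = sorted({rtype for rtype, _ in records})
        if "CNAME" in types and len(types) > 1:
            conflicts[name] = types
    return conflicts


def resolve(zone, name, rtype="A", max_hops=8):
    """Follow CNAME aliases within the zone until rtype records are found."""
    by_name, chain, current = index(zone), [], name.lower()
    while current not in chain and len(chain) < max_hops:
        chain.append(current)
        records = by_name.get(current, [])
        answers = [value for t, value in records if t == rtype]
        if answers:
            return {"status": "ok", "chain": chain, "answers": answers}
        aliases = [value for t, value in records if t == "CNAME"]
        if not aliases:  # no data here, or the target lives in another zone
            return {"status": "unresolved", "chain": chain, "answers": []}
        current = aliases[0].lower()
    # Either an alias loop or a chain longer than max_hops.
    return {"status": "loop", "chain": chain, "answers": []}


if __name__ == "__main__":
    print(cname_conflicts(ZONE))
    print(resolve(ZONE, "www.example.com."))
    print(resolve(ZONE, "loop-a.example.com."))
```

A CNAME placed at the root name is reported by the same check, because the SOA and NS records already occupy that name.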
MX Records for Email
MX (Mail Exchange) records tell the internet where to deliver email for your domain. When someone sends an email to an address at yourdomain.com, the sending mail server looks up the MX records for yourdomain.com to find the mail server that handles incoming email. MX records include a priority number — lower numbers have higher priority. Most setups include at least two MX records for redundancy.
If you use Google Workspace, your MX records point to Google mail servers. Microsoft 365 uses similar records. Getting MX records wrong means email stops working entirely — one of the most impactful DNS mistakes you can make. Use our DNS Lookup tool at safewebtools.com to verify your MX records are configured correctly.
TXT Records for Verification and Security
TXT records store arbitrary text data associated with your domain. They serve many purposes, but the most important are email authentication and domain verification. SPF records (stored as TXT records) specify which mail servers are authorized to send email on behalf of your domain. DKIM records (also TXT) contain cryptographic keys that receiving servers use to verify email authenticity. DMARC records define your email authentication policy.
Without proper SPF, DKIM, and DMARC records, your emails are more likely to land in spam folders, and spammers can more easily forge emails that appear to come from your domain. Google and Yahoo now require proper email authentication for bulk senders, making these records essentially mandatory for any domain that sends email.
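To see what "proper" SPF and DMARC records look like from a defender's side, the following added example (not from the original page) audits a set of TXT records for the weaknesses that leave a domain easy to forge. The domains, record values and function names are constructed; DKIM is left out because its records live under selector names that vary per mail provider.

```python
# Constructed TXT records keyed by owner name (sample data for illustration).
TXT = {
    "good.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.good.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"],
    "weak.example": ["v=spf1 +all", "site-verification=constructed-token"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all"],
}


def audit_spf(txt, domain):
    """Check the SPF policy published in the domain's own TXT records."""
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return ["spf: no record published"]
    if len(records) > 1:
        return ["spf: multiple v=spf1 records, which receivers treat as an error"]
    terms = [t.lower() for t in records[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["spf: no 'all' mechanism, so unlisted senders are not rejected"]
    if all_terms[0][0] not in "-~":  # bare 'all' defaults to '+', i.e. pass
        return ["spf: 'all' does not fail unlisted senders (qualifier + or ?)"]
    return []


def audit_dmarc(txt, domain):
    """Check the DMARC policy published at _dmarc.<domain>."""
    records = [r for r in txt.get("_dmarc." + domain, [])
               if r.lower().startswith("v=dmarc1")]
    if not records:
        return ["dmarc: no policy published"]
    tags = {}
    for part in records[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return [f"dmarc: p={policy or 'missing'} asks receivers to take no action"]
    return []


def audit(txt, domain):
    """Return a list of findings; an empty list means no issue was detected."""
    return audit_spf(txt, domain) + audit_dmarc(txt, domain)
```

Calling `audit(TXT, "weak.example")` returns one SPF finding and one DMARC finding, while `audit(TXT, "good.example")` returns an empty list.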
NS Records and TTL
NS (Name Server) records specify which DNS servers are authoritative for your domain. These are typically set at your domain registrar and point to your DNS provider — whether that is Cloudflare, AWS Route 53, your hosting provider, or the registrar itself. Changing NS records delegates DNS management to a different provider and usually takes 24 to 48 hours to propagate globally.
TTL (Time to Live) controls how long DNS resolvers cache a record before checking for updates. A TTL of 3600 means the record is cached for one hour. Lower TTLs mean changes propagate faster but increase DNS query volume. Before making DNS changes, lower the TTL a day in advance so the old value clears from caches quickly. After the change, you can increase the TTL back to reduce unnecessary queries.
Troubleshooting DNS Issues
When a website stops working, DNS is one of the first things to check. Common issues include expired domains (registrar suspended the domain), incorrect nameservers (pointed to the wrong DNS provider), missing A records (domain resolves but has no IP to connect to), and propagation delays (recent changes have not reached all DNS servers yet). Tools like our DNS Lookup tool let you query specific record types from multiple locations to identify exactly where the problem lies.